
CVE-2015-6306

Published: 26/09/2015 Updated: 09/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.

Vulnerable Product

cisco anyconnect_secure_mobility_client 4.1.(8)

Exploits

/*
 * Cisco AnyConnect elevation of privileges via DMG install script - proof of concept
 * Yorick Koster, July 2015
 * securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_of_privileges_via_dmg_install_script.html
 * based on expertmiami.blogspot.com/2015/06/cisco-anyconnect-secure-mobility-client.html
 */
#include <stdio.h> ...

Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability it is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Li ...